FIPS compliance

Marcus Watts mdw at umich.edu
Fri Nov 10 15:47:38 EST 2006


"jofo" <joey.foley at gmail.com> writes:
> From: "jofo" <joey.foley at gmail.com>
> X-Newsgroups: comp.protocols.kerberos
> Subject: FIPS compliance
> Date: 9 Nov 2006 16:02:41 -0800
> 
> Hello all,
> 
> I am writing some security documentation for work.  A question came up
> about whether or not the Linux security packages used for
> authentication (krb5) and key management (RSA/DSA for SSH) were FIPS
> compliant.
> 
> I don't really know.  I know that Kerberos v5 is FIPS compliant and I
> know that SSH v2 is FIPS compliant.  However, are the Linux packages
> FIPS compliant?
> 
> Any ideas how I would verify if they are or not?
> Would they be compliant because the underlying algorithm is compliant?
> 
> Thanks for any insight.

Which FIPS standard are you thinking of?  There are a bunch.
	FIPS 81?
	FIPS-PUB-113?
	FIPS 140-2?  
	FIPS 197?

I don't think you can say any 'generic' thing is FIPS-compliant.
Strictly speaking, FIPS compliance is something you get by going
through a very particular governmental certification process, which
normally does not deal with generic standards, but instead deals with specific
and particular implementations.  Standards are described, but the
compliance aspect is to show that a particular implementation meets
that standard.  So, any random implementation of kerberos 5 is not
inherently FIPS compliant.  Indeed, the original kerberos 5 spec (RFC
1510) had just enough deficiencies that it's not even entirely safe to
assume it will interoperate with all or even most other implementations
of kerberos 5.  Somebody's particular build of kerberos 5, installed
with a particular set of packages for the rest of the operating system,
on a particular hardware platform (probably particular down to the make
& model of the system hardware), and certified (probably at considerable
expense) at one of a small number of government approved private
laboratories which will follow a specific testing regime prescribed by
the government, that might be compliant.  I doubt anybody but a
commercial outfit bidding for a governmental contract would bother to
follow this whole process.  It's unlikely an open source organization
would bother; there's simply no reason to do so.

Open source organizations can and do attempt to follow FIPS standards,
of course.  That's not for FIPS compliance, that's for
interoperability.  Another reason folks often choose to follow FIPS
standards is because they have been reviewed by enough folks that there
is some level of assurance that they can deliver a given, though often
not entirely ideal, level of security.  Perhaps a better term would be
"FIPS compatible", although even that is a bit silly.  Usually people
just name the particular algorithm or protocol, i.e., ``aes'', or ``des-cbc''.

Now, if you want to have fun, find a copy of the original FIPS
standard for DES (FIPS 46), and try to decide from that standard in what
order the bits of a DES key or data block should be stored in memory, for
a software implementation of DES.

				-Marcus Watts


